Working Groups and Committees

Health-ISAC is a community of peers in the health sector. One of the important ways in which this community comes together to lead and drive solutions for the industry is through committees and working groups.

We hope you will join, participate, and help lead the healthcare sector.

Working Groups

Joint Working Groups


Working Groups

Health-ISAC Working Groups are created by the members, for the members. The working groups leverage the Health-ISAC health community to address specific problems in various topics. Working groups serve as discussion forums and create products such as re-usable templates, policies, best practices, etc. Any member is welcome to join any working group. If you are an Health-ISAC Member and you are interested in joining or starting a working group, please contact membership.

Artificial Intelligence Working Group

The Artificial Intelligence Working Group’s purpose is to provide a forum for Health-ISAC members to grapple with the rapid development and deployment of AI and other applications of machine learning. To that end, the group will focus on three goals: first, enhance member’s understanding of emerging AI/ML systems and how to leverage them effectively. Second, sharing best practices and lessons learned to help members mitigate the risk posed by the deployment of AI systems. Finally, it will share information about threats to and by AI/ML systems.

Business Information Security Office (BISO) Working Group

The purpose of Health-ISAC BISO Working Group is to establish a robust community of healthcare BISOs who specialize in bridging an organization’s security strategies with its overall business strategies. By facilitating regular communication and collaboration, the group aims to uncover trends across organizations to coordinate security and business needs and identify ways to communicate these effectively, thus effectively acting as a liaison across units, addressing challenges, and sharing best practices/lessons learned that BISOs face.

Cybersecurity Analytics Working Group

This group is working to establish a strategic approach to analytics development and sharing in order to promote open collaboration among the healthcare community.  Leveraging MITRE’s Adversary Tactics, Techniques & Common Knowledge (ATT&CK) framework, each member organization conducts independent research on specific cybersecurity threat tactics.   The group meets regularly to share research results, refine the common analytic sharing model, and promote continuous improvement by the member community.

Cyber Threat Intelligence Program Development (CTIPD) Working Group

This working group’s purpose is to facilitate and promote discussion regarding the development of Cyber Threat Intelligence programs within member organizations of all sizes, with the intentions of developing best practices and guidance to provide the tools necessary to build a CTI program tailored to your organizational needs.

Cybersecurity Awareness and Training Working Group

The purpose of this working group is to develop a mechanism whereby members can share ideas and tangible assets that can be leveraged to support the cybersecurity education and awareness programs of our Health-ISAC member community.

Diversity and Inclusion Working Group

The purpose of this group is to provide a platform to support discussion and sharing of best practices that enable a commitment to equality and representation for practitioners from all walks of life and ensuring those from under-represented socioeconomic backgrounds, ethnicities, sexual orientations, gender, mental normative status, able-bodied-ness, and nationality have a forum to encourage outreach, participation and advocacy.

Email Security Working Group

This working group’s mission is to gather, explain, and promote information security best practices related to sending and receiving email.  This includes, but is not limited to, phishing training, sandboxing, DLP, and DMARC.  Goals include: developing configuration recommendations for major email platforms and answering member questions related to email security. 

Identity and Access Management (IAM) Working Group

The Health-ISAC Identity Working Group will bring together individuals with identity and access management knowledge, who will participate with a shared commitment to provide identity and access management guidance with a goal to protect our enterprises from identity compromise while enabling members to achieve their digital experience goals.

Information Protection Working Group

Members of this working group share best practices, emerging threats, learnings, challenges, ideas and approaches to detect and protect confidential information from cyberattacks and insider threats. Members discuss how to align their information protection program with business needs and compliance requirements; maximize the value from technological investments; define and measure success; and continuously reduce the collective risk of data leakage across the healthcare industry. 

IT M&A Integration and Divestitures Working GroupIT M&A Integration and Divestitures Working Group

This group’s goal is to provide an opportunity to gain insight, perspective, and knowledge sharing with M&A IT experts across the life sciences industry including opportunities for consistent terminology, mature processes, and value proposition of IT M&A structure. 

IS Risk Management Working Group

The focus of this group will be to share experiences, tactics, wins, and challenges to evolve our collective capabilities and enable the focus of our organizations. Goals include: Share best practices across risk management methods, services, and outcomes; Reduce the impact of threats from adversaries by better understanding the risks that can or will affect us (protecting information and reputation of the sector);  Improve efficiency and effectiveness of security risk management operations; Explore opportunities of opportunities of sharing risk tactics or actually risks so that we can build a collective risk/threat landscape; Learn from each other’s accomplishments and challenges; Surface innovative ways to progress the risk management discipline; Define collective best practices for our ISAC; Build partnerships in industry; and Produce measurable, usable outcomes from this working group that members and future members can consume to leapfrog their IS risk management practices.

NIS2 Implementation Working Group

This group will be collaborating on the NIS2 directive coming to the EU in 2023.  The goal is to develop and coordinate the approaches for each country and implement it on a company level.

OT Security Working GroupOT Security Working Group

This group is focused on fostering and promoting best practices in the areas of Operational Technology/Industrial Control systems across member organizations.  Goals include: creating a library of high-level information on best practice approaches from members who are more mature in this area, representing members’ views with relation certification and framework organizations such as ISA, and where possible to present a combined approach to OT vendors where any commonality exists.

Pharma and Healthcare Insider Threat Working Group

The working group aims to develop new ideas around Insider Threat programs specific to the pharmaceutical and healthcare sectors, by using discussions and round tables to discover new options and potential solutions for monitoring, detection, and prevention of insider threats.

Physical Security Working Group

The Physical Security Working Group will provide a platform for networking and collaboration between physical security personnel across Health-ISAC membership. Utilizing information-sharing practices, the Working Group will establish communication on best practices in security procedures encompassing workplace violence prevention, natural disaster preparedness, hostile events, vandalism or destruction of property prevention, and recovery practices from previously mentioned. Focusing on risks and challenges impacting operations and safety, the Working Group will coordinate on incident reporting to provide information to benefit the membership in times of crisis or recovery. Further focus will be on force protection of facilities to prevent or reduce the impact of physical threats to healthcare facilities.

Provider Working Group

Providers are under constant information security attack. Provider community cybersecurity ranks patient quality of care objectives and clinical research efforts in priority. Providers primarily work to develop new discoveries that can significantly impact patient health in various ways. These competing objectives combined with the goals of being more patient and clinician friendly means that, cybersecurity goals are often deferred or minimized to meet more pressing care related goals. This group will develop innovative ways to improve cybersecurity while not impeding patient care with the intent to reduce risk to provider organizations that must manage information security attacks from any source.

Purple Team Working Group

The Purple Team Working Group aims to help teams grow their purple teaming and threat detection capabilities.  Intial goals are building guidance and offering perspective on items such as: metrics for purple team excersises, purple team tooling – the pros and cons of open-souorce tooling, streamlining existing processes with automation.  The ultimate hope is these will help to demonstrate value to leadership and expand the benefit of purple teaming in the healthcare vertical.

Regional Tensions Working Group

The Regional Tensions Working Group focuses on the threats to businesses due to potential or realized regional escalations.  This group will work to identify cyber and non-cybersecurity threats relevant to the healthcare sector (including supply chain impacts), determine the associated risks and appropriate security considerations, and share that information broadly with Health-ISAC members.  

Security Architecture Working Group

The Security Architecture Working Group will share experiences, best practices, lessons learned, ideas, and non-proprietary technical products which will enable members to accelerate efforts to address security challenges, ensure end to end security protections and controls and maximize security investments. The group will exchange and establish standards for security architecture and policy use cases, continuous improvement strategies, security efficacy and other KPI metrics, vendor solution assessments and experiences, portable reusable code and other non-proprietary information.

Social and Political Risks to Healthcare (SPIRIT) Working Group

This group focuses on the threats to healthcare organizations due to growing and substantive social and political events. Strong societal reactions to issues such as the US Supreme Court decision overturning Roe v Wade, gender affirming care, family planning, controversial medical research and procedures, ethical and appropriate use of healthcare data and changing healthcare regulations and privacy laws along with business expectations are all examples that potentially motivate threat actors to target the healthcare sector to further their cause. Healthcare Providers are also facing rising workplace violence events and individuals are dealing with new threats on-line and physical security threats as these social and political issues result in “real-world” impacts.

Third Party Risk Governance (TPRG) Working Group

This working group aims to evolve our collective capabilities and enable the focus of our organizations in implementing a best – in – class third party risk management program by following these objectives:
Share and learn best practices to mitigate risks posed by third parties
Improve efficiency and effectiveness of third party risk management operating components
Enhance understanding of a third party’s information security program maturity through shared  experiences
Explore opportunities of sharing risk tactics or risk areas so that we can build a collective risk/threat landscape

Third-Party Supplier Incidents Working Group

To tackle the common global issue of managing Third-Party Supplier Incidents. There is a commonality between the suppliers, and finding a common way to deal with potential incidents appears to be critical in an ever-changing threat landscape. We are looking to approach this problem from a global perspective.

Vulnerability Management Working Group (VMWG)

The VMWG will support the operations of the Health-ISAC member community to offer insight into new and emerging vulnerabilities and provide countermeasures to the community. This will provide insights into how the Health-ISAC members can enable defensive measures beyond traditional “patch management”. The VMWG will offer insights, via presentations and whitepapers, into best practices across the Health-ISAC community. The VMWG will have primary oversight over new critical vulnerabilities and zero-day vulnerabilities affecting the sector and will coordinate actions as these events arise.

Joint Working Groups

Health-ISAC Joint Working Groups serve the same function as its Working Groups; however, Joint Working Groups leverage non-member participation as well in order to accomplish their objectives.

Incident Response Working Group

This group has currently partnered and working jointly under the Health Sector Coordinating Council’s Incident Response Business Continuity (IRBC) Task Group and includes members from HSCC and HHS’s 405(d) Working Group.  Their shared focus will center on experiences, tactics, wins, and challenges to evolve our collective incident response capabilities and develop robust, sustainable programs in order to minimize damage from incidents and improve information security practices in our industry.  Goals include producing a template playbook, supplemental collateral, and usable outcomes that will allow users to consume and leapfrog their incident response practices.


Committees support official programs of the Health-ISAC. The Committees help serve a governance function and bring member input into the shaping of Health-ISAC services. Since Committees serve a specific program function, membership to committees is not open membership. Any member that is interested in serving on a Committee may contact Membership to find out whether the Committee has an opening and the process for applying.

Business Resilience Committee

The Business Resilience Committee will support the operations of the Health-ISAC Resilience Program. The BRC will focus on identifying non-cybersecurity all hazard threats relevant to the health sector, determine the associated risks and appropriate security considerations, and support the Health-ISAC Threat Operations Center (TOC) to share that information broadly to the Health-ISAC members.   During times of crisis, the Business Resilience Committee will provide systemic incident response guidance, analyze incidents, and facilitate impact assessment and crisis escalation on behalf of the sector. The Business Resilience Committee will have primary oversight over physical events affecting the sector, will coordinate actions during a crisis, and will be the primary control point for the Physical Threat Alert Level for the sector. 

European Council

The purpose of Health-ISAC’s European Council is to advance and foster the mission of HealthISAC by facilitating an infrastructure and community that focuses on the issues and threats European organizations and members face.

Identity Committee

The mission of the Health-ISAC Identity Committee is to provide HealthISAC Leadership advice regarding Identity & Access Management (IAM) issues, help set the strategy, goals and objectives for the IAM Working Group.

Medical Device Security Council (MDSC)

Originally called the Medical Device Security Information Sharing Council (MDSISC), Health-ISAC established this council in 2015. MDSC strives to improve the resilience of the healthcare ecosystem. Participants from Medical Device Manufacturers (MDMs) and Health Delivery Organizations (HDOs) collaborate to help improve privacy and security and to ensure implementations are practical and achievable. The MDSC currently operates regional chapters in both Europe and the Americas. Each chapter holds a monthly meeting providing an educational session and an opportunity for council members to discuss current challenges or regulatory changes impacting the medical device ecosystem.

Threat Intelligence Committee

The Threat Intelligence Committee (TIC) is responsible for looking at the cyber threat landscape for the health and public health (HPH) sector and developing strategic direction for the ISAC community to anticipate and prepare for threats. The TIC helps facilitate the planning, coordination, collection, trending, processing and analysis, production of white papers and other materials and dissemination of primarily cyber threat intelligence for the HPH sector through engagement with internal and external stakeholders. The Health-ISAC Threat Intelligence Committee is a closed working group. 

Translate »